Open Source Grows Up at KubeCon EU

At KubeCon EU in Paris, France, open source projects are demonstrating increased maturity in how they approach questions of governance, sustainability, and purpose. It signifies an important turning point as open source is now recognized as a critical part of mission critical systems. Ensuring it remains viable is an existential concern for many enterprises, even if they are sometimes unaware of just how dependent they have become.

The Flux project has been forced to confront these issues after the sudden collapse of Weaveworks in February 2024. Weaveworks was the original source of the Flux codebase, and a significant employer of key maintainers. Flux has been adopted by many enterprises, including Microsoft Azure and Gitlab, that have a vested interest in its survival.

“In some ways, playing on hard mode as a mature project helps us,” said Stefan Prodan, now Principal Consultant at ControlPlane and a core maintainer of CNCF projects Flux, Flagger and the GitOps Toolkit. Prodan was employed by Weaveworks until December 2023.

Prodan is working to build a sustainable financial and governance model for the Flux project so that it doesn’t face a similar situation again. “The Flux project will live on, but we need to ensure that projects are not overly dependant on any one company,” he said, “Or any one individual.”

Prodan wants to move the Flux project to a structure that devolves power away from himself, while ensuring that new maintainers are able to grow into the role. “Maintainers shouldn’t have to accept responsibility for the entire project to accept the post of maintainer,” he says. He wants to use a more graduated structure where individuals, or companies, can assume responsibility for a subset of the project.

It demonstrates a more nuanced and mature understanding of how technology fits into the broader organizational context, something open source projects have traditionally struggled with.

Austin Parker of Honeycomb is similarly concerned with structural issues, but in his specialty of observability. “Observability isn’t just an engineering question,” he says, “The data is used by executive teams to understand how application performance impacts key business metrics like profitability.”

The category of observability has exploded in the past few years, with OpenTelemetry now the second-biggest project under the CNCF banner; Kubernetes continues to hold the number one spot. Observability’s rapid growth has meant the focus has been on deployment, but Parker’s mind is now turning to questions of governance and purpose.

“When you talk about telemetry, you can get into things like user telemetry. There’s this whole category, digital experience management, where you’re running agents on people’s laptops, and that can be used to do things like detect presence and keystrokes,” Parker says.

While this can be very useful for defensive security, such as determining if a privileged user’s account has been compromised, it could also be used for more nefarious purposes. “Some companies will gladly take this data and build a dashboard in the C-suite about worker productivity,” Parker says. While this is possible, Parker urges caution.

“Who gets to decide what is erratic behavior?” he says. “Who gets to decide what is normal or abnormal?” Parker doesn’t claim to know the answers, but stresses that the people building tools and systems should be asking these questions up front.

A willingness to engage with these thorny questions marks a refreshing change. Legislators in multiple jurisdictions are turning a skeptical eye towards the tech industry as their constituents challenge the sometimes dubious priorities of certain technology companies. What was once ignored, or allowed as the price of innovation, is increasingly deemed unacceptable and worthy of censure.

Technology leaders with the courage to examine complex questions of propriety, power, governance and sustainability are showing what a mature technology industry could look like. Rather than waiting for legislative outcomes to force an outcome, it shows that open source projects can be mature participants in a conversation about what the technology of the future should be.

The author attended KubeCon EU as a guest of the Linux Foundation.